Issues while using DBUS over TCP

Havoc Pennington hp at pobox.com
Wed Aug 6 10:00:45 PDT 2008


Hi,

On Wed, Aug 6, 2008 at 10:37 AM, Eric Jonas <jonas at mit.edu> wrote:
> I agree this might be an issue -- dbus devs, do you have any pointers on
> how we might get around the "no <auth> entries ==> allows anonymous"
> problem? It feels like users should have to really, really, really
> specify that they want authentication disabled.
>

ANONYMOUS in the config file does not disable authentication really,
it disables identification. Auth is disabled by the patch to the bus
daemon.

There are two separate things:

1) proving your identity; the mechanisms in the config file basically
do this, though the config option is called <auth> which is confusing
perhaps. ANONYMOUS means "do not claim to have any identity"

2) authentication; once identity is known, the bus daemon decides if
the given identity is authorized. The bus daemon patch says "it's OK
to authorize anonymous", while without the patch, if you don't prove
an identity, you get disconnected.

Anyway, the auth mechanisms are ways to prove identity, and then the
actual code in the bus daemon decides what each identity is allowed to
do.

This is why the change to the bus daemon may not be OK, because it's
not clear the bus daemon properly constrains what a non-identified
connection can do. To know this, it's necessary to read all the places
in the bus daemon code that act based on user identity, and decide
what will happen if there is no user identity, and whether what will
happen is OK.

Havoc
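
Added example, not part of the original post or of the D-Bus project's code: a small auditor for a dbus-daemon configuration that keeps the two stages described above apart for TCP listeners. It assumes that a config with no `<auth>` entries leaves ANONYMOUS available (as the quoted message states) and reads the `<allow_anonymous/>` element as the daemon-side authorization switch; the function name, finding labels and sample configs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (192.0.2.10 is a documentation address).
NO_AUTH = "<busconfig><listen>tcp:host=192.0.2.10,port=55556</listen></busconfig>"
EXTERNAL_ONLY = ("<busconfig><listen>unix:path=/tmp/bus;tcp:host=192.0.2.10,port=55556"
                 "</listen><auth>EXTERNAL</auth></busconfig>")
OPEN = ("<busconfig><listen>tcp:host=192.0.2.10,port=55556</listen>"
        "<auth>ANONYMOUS</auth><allow_anonymous/></busconfig>")


def audit_bus_config(xml_text):
    """Report how a bus config treats unidentified peers on TCP listeners."""
    root = ET.fromstring(xml_text)
    # A <listen> value may hold several ';'-separated addresses.
    addrs = [a.strip() for e in root.iter("listen")
             for a in (e.text or "").split(";") if a.strip()]
    tcp = [a for a in addrs if a.startswith("tcp:")]
    mechs = {(e.text or "").strip().upper() for e in root.iter("auth")} - {""}

    # Stage 1, identification: can a peer finish the handshake without
    # claiming an identity? No <auth> entries means no restriction
    # (assumption taken from the quoted message).
    offered = not mechs or "ANONYMOUS" in mechs
    # Stage 2, authorization: does the daemon keep such a connection?
    admitted = offered and root.find("allow_anonymous") is not None

    findings = []
    if tcp and not mechs:
        findings.append("implicit-mechanisms")          # nobody chose this
    if tcp and "ANONYMOUS" in mechs:
        findings.append("anonymous-mechanism")          # explicit opt-in
    if tcp and admitted:
        findings.append("unidentified-peers-admitted")  # needs code review
    return {"tcp": tcp, "offered": offered, "admitted": admitted,
            "findings": findings}


if __name__ == "__main__":
    for name, cfg in [("NO_AUTH", NO_AUTH), ("EXTERNAL_ONLY", EXTERNAL_ONLY),
                      ("OPEN", OPEN)]:
        print(name, audit_bus_config(cfg))
```

A config that yields "unidentified-peers-admitted" is the case the message singles out: every identity-based check in the daemon then has to be read with "no identity" as a possible input.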

